[feature] Add Wireguard support #185

nemesifier · nemesifier · commit b64f837dfc89 · 2021-08-19T20:22:35.000-05:00
Related to #185
diff --git a/docs/source/backends/wireguard.rst b/docs/source/backends/wireguard.rst
@@ -0,0 +1,13 @@
+=================
+Wireguard Backend
+=================
+
+.. include:: ../_github.rst
+
+The ``Wireguard`` backend allows to generate Wireguard compatible configurations.
+
+This backend is designed to allow updating the configuration of a wireguard peer
+automatically when the configuration of a VPN server is changed in OpenWISP, or
+when a new peer is added to OpenWISP (a new device with wireguard VPN client template).
+
+TODO...
diff --git a/docs/source/index.rst b/docs/source/index.rst
@@ -59,6 +59,7 @@ Contents:
    /backends/openwrt
    /backends/openwisp
    /backends/openvpn
+   /backends/wireguard
    /backends/create_your_backend
    /general/commandline_utility
    /general/running_tests
diff --git a/netjsonconfig/__init__.py b/netjsonconfig/__init__.py
@@ -5,6 +5,7 @@
 from .backends.openvpn.openvpn import OpenVpn  # noqa
 from .backends.openwisp.openwisp import OpenWisp  # noqa
 from .backends.openwrt.openwrt import OpenWrt  # noqa
+from .backends.wireguard.wireguard import Wireguard  # noqa
 from .version import VERSION, __version__, get_version  # noqa
 
 
@@ -13,6 +14,7 @@ def get_backends():
         'openwrt': OpenWrt,
         'openwisp': OpenWisp,
         'openvpn': OpenVpn,
+        'wireguard': Wireguard,
     }
     logger = logging.getLogger(__name__)
 
diff --git a/netjsonconfig/backends/openwrt/converters/interfaces.py b/netjsonconfig/backends/openwrt/converters/interfaces.py
@@ -45,6 +45,8 @@ def __intermediate_addresses(self, interface):
         converts NetJSON address to
         UCI intermediate data structure
         """
+        if interface.get('proto') == 'wireguard':
+            return self.__intermediate_wg_addresses(interface)
         address_list = self.get_copy(interface, 'addresses')
         # do not ignore interfaces if they do not contain any address
         if not address_list:
@@ -83,14 +85,20 @@ def __intermediate_addresses(self, interface):
             result += dhcp
         return result
 
+    def __intermediate_wg_addresses(self, interface):
+        address_list = interface.pop('wg_addresses')
+        static = {'addresses': address_list, 'proto': interface['proto']}
+        return [static]
+
     def __intermediate_interface(self, interface, uci_name):
         """
         converts NetJSON interface to
         UCI intermediate data structure
         """
-        interface.update(
-            {'.type': 'interface', '.name': uci_name, 'ifname': interface.pop('name')}
-        )
+        interface.update({'.type': 'interface', '.name': uci_name})
+        name = interface.pop('name')
+        if interface.get('proto') != 'wireguard':
+            interface['ifname'] = name
         if 'network' in interface:
             del interface['network']
         if 'mac' in interface:
diff --git a/netjsonconfig/backends/wireguard/__init__.py b/netjsonconfig/backends/wireguard/__init__.py
diff --git a/netjsonconfig/backends/wireguard/converters.py b/netjsonconfig/backends/wireguard/converters.py
@@ -0,0 +1,30 @@
+from ..base.converter import BaseConverter
+from .schema import schema
+
+
+class Wireguard(BaseConverter):
+    netjson_key = 'wireguard'
+    intermediate_key = 'wireguard'
+    _schema = schema
+
+    def to_intermediate_loop(self, block, result, index=None):
+        vpn = self.__intermediate_vpn(block)
+        result.setdefault('wireguard', [])
+        result['wireguard'].append(vpn)
+        return result
+
+    def __intermediate_vpn(self, config, remove=None):
+        config['ListenPort'] = config.pop('port')
+        config['PrivateKey'] = config.pop('private_key')
+        config['peers'] = self.__intermediate_peers(config.get('peers', []))
+        return self.sorted_dict(config)
+
+    def __intermediate_peers(self, peers):
+        peer_list = []
+        for peer in peers:
+            peer['AllowedIPs'] = peer.pop('allowed_ips')
+            peer['PublicKey'] = peer.pop('public_key')
+            peer['Endpoint'] = peer.pop('endpoint', None)
+            peer['PreSharedKey'] = peer.pop('preshared_key', None)
+            peer_list.append(self.sorted_dict(peer))
+        return peer_list
diff --git a/netjsonconfig/backends/wireguard/parser.py b/netjsonconfig/backends/wireguard/parser.py
@@ -0,0 +1,21 @@
+import re
+
+from ..base.parser import BaseParser
+
+vpn_pattern = re.compile('^# wireguard config:\s', flags=re.MULTILINE)
+config_pattern = re.compile('^([^\s]*) ?(.*)$')
+config_suffix = '.conf'
+
+
+class WireguardParser(BaseParser):
+    def parse_text(self, config):
+        raise NotImplementedError()
+
+    def parse_tar(self, tar):
+        raise NotImplementedError()
+
+    def _get_vpns(self, text):
+        raise NotImplementedError()
+
+    def _get_config(self, contents):
+        raise NotImplementedError()
diff --git a/netjsonconfig/backends/wireguard/renderer.py b/netjsonconfig/backends/wireguard/renderer.py
@@ -0,0 +1,15 @@
+from ..base.renderer import BaseRenderer
+
+
+class WireguardRenderer(BaseRenderer):
+    """
+    Wireguard Renderer
+    """
+
+    def cleanup(self, output):
+        # remove indentations
+        output = output.replace('    ', '')
+        # remove last newline
+        if output.endswith('\n\n'):
+            output = output[0:-1]
+        return output
diff --git a/netjsonconfig/backends/wireguard/schema.py b/netjsonconfig/backends/wireguard/schema.py
@@ -0,0 +1,97 @@
+"""
+Wireguard specific JSON-Schema definition
+"""
+from copy import deepcopy
+
+from ...schema import schema as default_schema
+
+base_wireguard_schema = {
+    "$schema": "http://json-schema.org/draft-04/schema#",
+    "type": "object",
+    "additionalProperties": True,
+    "properties": {
+        "wireguard": {
+            "type": "array",
+            "title": "Wireguard",
+            "uniqueItems": True,
+            "additionalItems": True,
+            "propertyOrder": 12,
+            "items": {
+                "type": "object",
+                "title": "Wireguard tunnel",
+                "additionalProperties": True,
+                "required": ["name", "port", "private_key"],
+                "properties": {
+                    "name": {
+                        "title": "interface name",
+                        "description": "Wireguard interface name",
+                        "type": "string",
+                        "minLength": 2,
+                        "maxLength": 15,
+                        "pattern": "^[^\\s]*$",
+                        "propertyOrder": 1,
+                    },
+                    "port": {
+                        "title": "port",
+                        "type": "integer",
+                        "default": 51820,
+                        "maximum": 65535,
+                        "minimum": 1,
+                        "propertyOrder": 2,
+                    },
+                    "private_key": {
+                        "title": "private key",
+                        "type": "string",
+                        "minLength": 44,
+                        "maxLength": 44,
+                        "pattern": "^[^\\s]*$",
+                        "propertyOrder": 3,
+                    },
+                    "peers": {
+                        "type": "array",
+                        "title": "Peers",
+                        "uniqueItems": True,
+                        "additionalItems": True,
+                        "propertyOrder": 11,
+                        "items": {
+                            "type": "object",
+                            "title": "Peer",
+                            "required": ["public_key", "allowed_ips"],
+                            "properties": {
+                                "public_key": {
+                                    "title": "public key",
+                                    "type": "string",
+                                    "minLength": 44,
+                                    "maxLength": 44,
+                                    "pattern": "^[^\\s]*$",
+                                    "propertyOrder": 1,
+                                },
+                                "allowed_ips": {
+                                    "title": "public key",
+                                    "type": "string",
+                                    "propertyOrder": 2,
+                                },
+                                "endpoint": {
+                                    "title": "public key",
+                                    "type": "string",
+                                    "propertyOrder": 3,
+                                },
+                                "preshared_key": {
+                                    "title": "pre-shared key",
+                                    "type": "string",
+                                    "minLength": 44,
+                                    "maxLength": 44,
+                                    "pattern": "^[^\\s]*$",
+                                    "propertyOrder": 4,
+                                },
+                            },
+                        },
+                    },
+                },
+            },
+        }
+    },
+}
+
+schema = deepcopy(base_wireguard_schema)
+schema['properties']['files'] = default_schema['properties']['files']
diff --git a/netjsonconfig/backends/wireguard/templates/wireguard.jinja2 b/netjsonconfig/backends/wireguard/templates/wireguard.jinja2
@@ -0,0 +1,20 @@
+{% for vpn in data.wireguard %}
+    # wireguard config: {{ vpn.name }}
+
+    [Interface]
+        {% for key, value in vpn.items() %}
+            {% if key not in ['name', 'peers'] %}
+                {{ key }} = {{ value }}
+            {% endif %}
+        {% endfor %}
+
+    {% for peer in vpn.peers %}
+    [Peer]
+        {% for key, value in peer.items() %}
+            {% if value %}
+                {{ key }} = {{ value }}
+            {% endif %}
+        {% endfor %}
+
+    {% endfor %}
+{% endfor %}
diff --git a/netjsonconfig/backends/wireguard/wireguard.py b/netjsonconfig/backends/wireguard/wireguard.py
@@ -0,0 +1,37 @@
+from ..base.backend import BaseBackend
+from . import converters
+from .parser import config_suffix, vpn_pattern
+from .renderer import WireguardRenderer
+from .schema import schema
+
+
+class Wireguard(BaseBackend):
+    schema = schema
+    converters = [converters.Wireguard]
+    renderer = WireguardRenderer
+
+    def _generate_contents(self, tar):
+        """
+        Adds configuration files to tarfile instance.
+
+        :param tar: tarfile instance
+        :returns: None
+        """
+        text = self.render(files=False)
+        # create a list with all the packages (and remove empty entries)
+        vpn_instances = vpn_pattern.split(text)
+        if '' in vpn_instances:
+            vpn_instances.remove('')
+        # create a file for each VPN
+        for vpn in vpn_instances:
+            lines = vpn.split('\n')
+            vpn_name = lines[0]
+            text_contents = '\n'.join(lines[2:])
+            # do not end with double new line
+            if text_contents.endswith('\n\n'):
+                text_contents = text_contents[0:-1]
+            self._add_file(
+                tar=tar,
+                name='{0}{1}'.format(vpn_name, config_suffix),
+                contents=text_contents,
+            )
diff --git a/netjsonconfig/utils.py b/netjsonconfig/utils.py
@@ -105,7 +105,7 @@ def evaluate_vars(data, context=None):
             else:
                 pattern = var_pattern
             if var in context:
-                data = re.sub(pattern, context[var], data)
+                data = re.sub(pattern, str(context[var]), data)
     return data
 
 
diff --git a/setup.cfg b/setup.cfg
@@ -3,7 +3,7 @@ universal=1
 
 [flake8]
 max-line-length=110
-max-complexity=9
+max-complexity=10
 # W503: line break before or after operator
 # W504: line break after or after operator
 # W605: invalid escape sequence
diff --git a/tests/wireguard/__init__.py b/tests/wireguard/__init__.py
diff --git a/tests/wireguard/test_backend.py b/tests/wireguard/test_backend.py
